Towards a General Model for Intrusion Detection: An Exploratory Study / Tommaso Zoppi, Andrea Ceccarelli, Andrea Bondavalli. - ELECTRONIC. - 1753:(2023), pp. 186-201. (Paper presented at the conference Machine Learning and Principles and Practice of Knowledge Discovery in Databases. ECML PKDD 2022, held in Grenoble, France, 19-23 September 2022) [10.1007/978-3-031-23633-4_14].

Towards a General Model for Intrusion Detection: An Exploratory Study

Tommaso Zoppi; Andrea Ceccarelli; Andrea Bondavalli
2023

Abstract

Exercising Machine Learning (ML) algorithms to detect intrusions is nowadays the de-facto standard for data-driven detection tasks. This activity requires the expertise of the researchers, practitioners, or employees of companies that also have to gather labeled data to learn and evaluate the model that will then be deployed into a specific system. Reducing the expertise and time required to craft intrusion detectors is a tough challenge, which in turn will have an enormous beneficial impact in the domain. This paper conducts an exploratory study that aims at understanding to which extent it is possible to build an intrusion detector that is general enough to learn the model once and then be applied to different systems with minimal to no effort. Therefore, we recap the issues that may prevent building general detectors and propose software architectures that have the potential to overcome them. Then, we perform an experimental evaluation using several binary ML classifiers and a total of 16 feature learners on 4 public attack datasets. Results show that a model learned on a dataset or a system does not generalize well as is to other datasets or systems, showing poor detection performance. Instead, building a unique model that is then tailored to a specific dataset or system may achieve good classification performance, requiring less data and far less expertise from the final user.
Venue: Machine Learning and Principles and Practice of Knowledge Discovery in Databases. ECML PKDD 2022
Location: Grenoble, France
Dates: 19-23 September 2022
Files in this record:
File: TowardsGeneralID_V8_CameraReady.pdf
Access: Closed access
Type: Preprint (Submitted version)
License: All rights reserved
Size: 452.7 kB
Format: Adobe PDF

Documents in FLORE are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this resource: https://hdl.handle.net/2158/1297418
Citations: Scopus 3